> I am looking for a good tool to detect brute-force and dictionary attacks o=
> n user accounts on a Linux system . The tool should also have the intellig=
> ence to differntiate between user mistakes and actual brute-force/dictiona=
> ry attacks and reduce the false positives. SuSE/RedHat included security t=
> ools are not helping in this case .=20

There is a purely netfilter/iptables solution here:
http://msgs.securepoint.com/cgi-bin/get/netfilter-0505/62.html

that example is for SSH, but you can probably tweak it to do what you need.

For kernels that don't have all the netfilter modules compiled in, I wrote
a program to monitor my logs and add a rule to the INPUT chain to block
repeated connections with accounts that don't exist. The actual iptables
command looks something like: